5 years agodatapath: kmalloc() -> kmalloc_array()
Kees Cook [Thu, 13 Dec 2018 23:08:18 +0000 (15:08 -0800)]
datapath: kmalloc() -> kmalloc_array()

Upstream commit:
    commit 6da2ec56059c3c7a7e5f729e6349e74ace1e5c57
    Author: Kees Cook <keescook@chromium.org>
    Date:   Tue Jun 12 13:55:00 2018 -0700

    treewide: kmalloc() -> kmalloc_array()

    The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
    patch replaces cases of:

            kmalloc(a * b, gfp)

    with:
            kmalloc_array(a, b, gfp)

    as well as handling cases of:

            kmalloc(a * b * c, gfp)

    with:

            kmalloc(array3_size(a, b, c), gfp)

    as it's slightly less ugly than:

            kmalloc_array(array_size(a, b), c, gfp)

    This does, however, attempt to ignore constant size factors like:

            kmalloc(4 * 1024, gfp)

    though any constants defined via macros get caught up in the conversion.

    Any factors with a sizeof() of "unsigned char", "char", and "u8" were
    dropped, since they're redundant.

    The tools/ directory was manually excluded, since it has its own
    implementation of kmalloc().

    The Coccinelle script used for this was:

    // Fix redundant parens around sizeof().
    @@
    type TYPE;
    expression THING, E;
    @@

    (
      kmalloc(
    - (sizeof(TYPE)) * E
    + sizeof(TYPE) * E
      , ...)
    |
      kmalloc(
    - (sizeof(THING)) * E
    + sizeof(THING) * E
      , ...)
    )

    // Drop single-byte sizes and redundant parens.
    @@
    expression COUNT;
    typedef u8;
    typedef __u8;
    @@

    (
      kmalloc(
    - sizeof(u8) * (COUNT)
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(__u8) * (COUNT)
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(char) * (COUNT)
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(unsigned char) * (COUNT)
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(u8) * COUNT
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(__u8) * COUNT
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(char) * COUNT
    + COUNT
      , ...)
    |
      kmalloc(
    - sizeof(unsigned char) * COUNT
    + COUNT
      , ...)
    )

    // 2-factor product with sizeof(type/expression) and identifier or constant.
    @@
    type TYPE;
    expression THING;
    identifier COUNT_ID;
    constant COUNT_CONST;
    @@

    (
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * (COUNT_ID)
    + COUNT_ID, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * COUNT_ID
    + COUNT_ID, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * (COUNT_CONST)
    + COUNT_CONST, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * COUNT_CONST
    + COUNT_CONST, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * (COUNT_ID)
    + COUNT_ID, sizeof(THING)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * COUNT_ID
    + COUNT_ID, sizeof(THING)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * (COUNT_CONST)
    + COUNT_CONST, sizeof(THING)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * COUNT_CONST
    + COUNT_CONST, sizeof(THING)
      , ...)
    )

    // 2-factor product, only identifiers.
    @@
    identifier SIZE, COUNT;
    @@

    - kmalloc
    + kmalloc_array
      (
    - SIZE * COUNT
    + COUNT, SIZE
      , ...)

    // 3-factor product with 1 sizeof(type) or sizeof(expression), with
    // redundant parens removed.
    @@
    expression THING;
    identifier STRIDE, COUNT;
    type TYPE;
    @@

    (
      kmalloc(
    - sizeof(TYPE) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
      , ...)
    |
      kmalloc(
    - sizeof(THING) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
      , ...)
    |
      kmalloc(
    - sizeof(THING) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
      , ...)
    |
      kmalloc(
    - sizeof(THING) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
      , ...)
    |
      kmalloc(
    - sizeof(THING) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
      , ...)
    )

    // 3-factor product with 2 sizeof(variable), with redundant parens removed.
    @@
    expression THING1, THING2;
    identifier COUNT;
    type TYPE1, TYPE2;
    @@

    (
      kmalloc(
    - sizeof(TYPE1) * sizeof(TYPE2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
      , ...)
    |
      kmalloc(
    - sizeof(THING1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
      , ...)
    |
      kmalloc(
    - sizeof(THING1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
      , ...)
    |
      kmalloc(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
      , ...)
    )

    // 3-factor product, only identifiers, with redundant parens removed.
    @@
    identifier STRIDE, SIZE, COUNT;
    @@

    (
      kmalloc(
    - (COUNT) * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - COUNT * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - COUNT * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - (COUNT) * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - COUNT * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - (COUNT) * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - (COUNT) * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    |
      kmalloc(
    - COUNT * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
      , ...)
    )

    // Any remaining multi-factor products, first at least 3-factor products,
    // when they're not all constants...
    @@
    expression E1, E2, E3;
    constant C1, C2, C3;
    @@

    (
      kmalloc(C1 * C2 * C3, ...)
    |
      kmalloc(
    - (E1) * E2 * E3
    + array3_size(E1, E2, E3)
      , ...)
    |
      kmalloc(
    - (E1) * (E2) * E3
    + array3_size(E1, E2, E3)
      , ...)
    |
      kmalloc(
    - (E1) * (E2) * (E3)
    + array3_size(E1, E2, E3)
      , ...)
    |
      kmalloc(
    - E1 * E2 * E3
    + array3_size(E1, E2, E3)
      , ...)
    )

    // And then all remaining 2 factors products when they're not all constants,
    // keeping sizeof() as the second factor argument.
    @@
    expression THING, E1, E2;
    type TYPE;
    constant C1, C2, C3;
    @@

    (
      kmalloc(sizeof(THING) * C2, ...)
    |
      kmalloc(sizeof(TYPE) * C2, ...)
    |
      kmalloc(C1 * C2 * C3, ...)
    |
      kmalloc(C1 * C2, ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * (E2)
    + E2, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(TYPE) * E2
    + E2, sizeof(TYPE)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * (E2)
    + E2, sizeof(THING)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - sizeof(THING) * E2
    + E2, sizeof(THING)
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - (E1) * E2
    + E1, E2
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - (E1) * (E2)
    + E1, E2
      , ...)
    |
    - kmalloc
    + kmalloc_array
      (
    - E1 * E2
    + E1, E2
      , ...)
    )

Signed-off-by: Kees Cook <keescook@chromium.org>
CC: Kees Cook <keescook@chromium.org>
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoAUTHORS: Add Martin Xu.
Ben Pfaff [Thu, 13 Dec 2018 19:29:47 +0000 (11:29 -0800)]
AUTHORS: Add Martin Xu.

Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agorhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES
Martin Xu [Mon, 10 Dec 2018 14:33:19 +0000 (06:33 -0800)]
rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES

The variable equivalent to RHEL's 'SYSTEMCTL_SKIP_REDIRECT=yes' on SLES
12 is 'SYSTEMD_NO_WRAP=yes'

VMware-BZ: #2245358
Reviewed-by: Markos Chandras <mchandras@suse.de>
CC: Markos Chandras <mchandras@suse.de>
CC: Ansis Atteka <aatteka@ovn.org>
CC: Ben Pfaff <blp@ovn.org>
Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodpdk: Update to use DPDK 18.11.
Ophir Munk [Mon, 10 Dec 2018 22:15:38 +0000 (22:15 +0000)]
dpdk: Update to use DPDK 18.11.

This commit adds support for DPDK v18.11, it includes the following
changes.

1. Enable compilation and linkage with dpdk 18.11.0
   The following dpdk commits which were introduced after dpdk 17.11.x
   require OVS updates to accommodate to the dpdk changes.
   - ce17edde ("ethdev: introduce Rx queue offloads API")
   - ab3ce1e0 ("ethdev: remove old offload API")
   - c06ddf96 ("meter: add configuration profile")
   - e58638c3 ("ethdev: fix TPID handling in flow API")
   - cd8c7c7c ("ethdev: replace bus specific struct with generic dev")
   - ac8d22de ("ethdev: flatten RSS configuration in flow API")

2. Limit configured rss hash functions to only those supported
   by the eth device.

3. Set default RSS key in struct action_rss_data, required by OVS
   commit- e8a2b5bf ("netdev-dpdk: implement flow offload with rte flow")
   when configured with "other_config:hw-offload=true".

4. DEV_RX_OFFLOAD_CRC_STRIP has been removed from DPDK 18.11.
   DEV_RX_OFFLOAD_KEEP_CRC can now be used to keep the CRC.
   Use the correct flag and check it is supported.

5. rte_eth_dev_attach/detach have been removed from DPDK 18.11.
   Replace them with rte_dev_probe/remove.

6. Update docs and travis to use DPDK18.11.

This commit squashes the following commits present on the dpdk-latest
branch:

7f021f902bb3 ("netdev-dpdk: Upgrade to dpdk v18.08")
270d9216f1ed ("netdev-dpdk: Set scatter based on capabilities")
bef2cdc8f412 ("netdev-dpdk: Fix returning the field of malloced struct.")
73c1a65167fc ("redhat: change variable used for non-root user support")
eb485f60ce44 ("dpdk: Update to use DPDK 18.11.")

For credit, all authors of the original commits above have been added as
co-authors for this commit.

From: Ophir Munk <ophirmu@mellanox.com>
Signed-off-by: Ophir Munk <ophirmu@mellanox.com>
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Co-authored-by: Kevin Traynor <ktraynor@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Co-authored-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Co-authored-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
5 years agosparse: Fix incompatibility with glibc 2.28 and later.
Ben Pfaff [Wed, 12 Dec 2018 17:45:21 +0000 (09:45 -0800)]
sparse: Fix incompatibility with glibc 2.28 and later.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
5 years agoovn: Fix indentation in TODO.
Ben Pfaff [Thu, 20 Sep 2018 23:44:11 +0000 (16:44 -0700)]
ovn: Fix indentation in TODO.

Some items listed under ovsdb-server should have been top-level items.

Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoOVN: add selected mac address to MACAM in update_dynamic_addresses
Lorenzo Bianconi [Wed, 21 Nov 2018 16:03:39 +0000 (17:03 +0100)]
OVN: add selected mac address to MACAM in update_dynamic_addresses

Add selected dynamic mac address to MACAM in update_dynamic_addresses
and not just in ipam_add_port_addresses/ipam_insert_lsp_addresses
since the second approach can produce a duplicated L2 address in a
IPv6-only network if ipv6_prefix is provided after logical port creation.
The issue can be triggered with the following reproducer:

$ovn-nbctl ls-add sw0
$ovn-nbctl lsp-add sw0 sw0-port1
$ovn-nbctl lsp-set-addresses sw0-port1 "dynamic"
$ovn-nbctl lsp-add sw0 sw0-port2
$ovn-nbctl lsp-set-addresses sw0-port2 "dynamic"
$ovs-vsctl add-port br-int p1 -- \
    set Interface p1 external_ids:iface-id=sw0-port1
$ovs-vsctl add-port br-int p2 -- \
    set Interface p2 external_ids:iface-id=sw0-port2
[..]
$ovn-nbctl --wait=sb set Logical-switch sw0 \
    other_config:ipv6_prefix="aef0::"

$ovn-nbctl list logical_switch_port
_uuid               : 1e0e2ed8-20c6-48dc-bfa8-d823e48c9f45
addresses           : [dynamic]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : "0a:00:00:00:00:01 aef0::800:ff:fe00:1"
enabled             : []
external_ids        : {}
name                : "sw0-port1"
options             : {}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : true

_uuid               : cfeab7fb-e20b-41f1-974c-f99e0b5293d7
addresses           : [dynamic]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : "0a:00:00:00:00:01 aef0::800:ff:fe00:1"
enabled             : []
external_ids        : {}
name                : "sw0-port2"
options             : {}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : ""
up                  : true

Fixes: c814545b43ac ("OVN: configure L2 address according to the used IP
address")

Acked-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopinctrl: Check requested IP in DHCPREQUEST messages
Gregory Smith [Wed, 12 Dec 2018 18:46:11 +0000 (10:46 -0800)]
pinctrl: Check requested IP in DHCPREQUEST messages

See RFC 2131, section 4.3.2. When handling a DHCPREQUEST message, the
server should validate that the client's requested IP matches the
offered IP. If not, the server should reply with a DHCPNAK. The client's
requested IP is either specified as the Requested IP Address (option
50), or as the ciaddr, depending on the client's state.

Signed-off-by: Gregory Smith <gasmith@nutanix.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodhcp: Mark dhcp_header as packed.
Ben Pfaff [Wed, 12 Dec 2018 18:46:10 +0000 (10:46 -0800)]
dhcp: Mark dhcp_header as packed.

This structure isn't performance-sensitive and making it packed simplifies
thinking about access to it.

CC: Gregory Smith <gasmith@nutanix.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovn-controller: Inject GARPs to logical switch pipeline to update neighbors
Daniel Alvarez [Tue, 4 Dec 2018 18:14:35 +0000 (19:14 +0100)]
ovn-controller: Inject GARPs to logical switch pipeline to update neighbors

Prior to this patch, GARPs announcing NAT addresses or new VIFs
were sent out to localnet ofport through an output action.
This can lead to problems since local datapaths won't get those
GARPs and ovn-controller won't update MAC_Binding entries (as
upstream switch will not send back the GARP to this port hence
other logical routers won't update their neighbours).

This patch is changing the behavior so that GARPs get injected
to OVN pipeline of the external switch. This way, they'll get
broadcasted to local pipelines and also sent out to the external
network through the localnet port.

Acked-by: Han Zhou <hzhou8@ebay.com>
Acked-by: Numan Siddique <nusiddiq@redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047604.html
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agonetdev: Add comment to allow removing a workaround in the future
Daniel Alvarez [Fri, 16 Nov 2018 10:42:29 +0000 (11:42 +0100)]
netdev: Add comment to allow removing a workaround in the future

This patch [0] in glibc fixes an issue that OVS currently works around
with [1]. I'm adding a comment to indicate that from glibc 2.28
onward the workaround is not needed, so that we can eventually
remove it.

[0] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1f86a33ca32e26a9d6e29fc961e5ecb5e2e5eb4
[1] https://github.com/openvswitch/ovs/commit/3434d306866d825084d2d186d1f8dd98662ff650

Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoAUTHORS: Add Martin Fong.
Ben Pfaff [Wed, 12 Dec 2018 18:02:21 +0000 (10:02 -0800)]
AUTHORS: Add Martin Fong.

Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-tcpdump: Add --span to mirror all ports on bridge.
Martin Fong [Fri, 9 Nov 2018 20:16:02 +0000 (12:16 -0800)]
ovs-tcpdump: Add --span to mirror all ports on bridge.

Signed-off-by: Martin Fong <mwfong@csl.sri.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofproto: Return correct error codes from meter_set.
Tony van der Peet [Wed, 21 Nov 2018 20:44:43 +0000 (09:44 +1300)]
ofproto: Return correct error codes from meter_set.

This routine should return enum ofperr, but in a couple of places
doesn't. When adding one more meter when the meter table is full,
this results in an incorrect error message.

Signed-off-by: Tony van der Peet <tony.vanderpeet@alliedtelesis.co.nz>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoutilities: Add smap related command and iterator to the GDB script
Eelco Chaudron [Thu, 22 Nov 2018 15:18:14 +0000 (16:18 +0100)]
utilities: Add smap related command and iterator to the GDB script

Adds "ovs_dump_smap <struct smap *>" command

Example output:

Breakpoint 1, trtcm_policer_qos_construct (details=0x135bad0, conf=0x7ffd31f5da28) at lib/netdev-dpdk.c:4154
(gdb) ovs_dump_smap 0x135bad0
cbs: 2048
cir: 151800
eir: 151800
pbs: 2048

Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agocirrus: Add Cirrus CI integration for FreeBSD build
Ilya Maximets [Tue, 11 Dec 2018 14:34:17 +0000 (17:34 +0300)]
cirrus: Add Cirrus CI integration for FreeBSD build

CirrusCI [1] is free for open-source projects and provides interfaces
similar to TravisCI. One significant difference is the ability
to run tasks on FreeBSD instances.

This patch adds simple configuration file to test OVS build
on two FreeBSD releases with gcc and clang.
Unit tests are commented out because they are broken for now.

To enable the automated checks Cirrus CI application from GitHub
Marketplace should be installed. See details in Quick Start guide [2].

[1] https://cirrus-ci.org
[2] https://cirrus-ci.org/guide/quick-start/

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agotreewide: Wider use of packet batch APIs.
Ilya Maximets [Mon, 10 Dec 2018 17:17:53 +0000 (20:17 +0300)]
treewide: Wider use of packet batch APIs.

This patch replaces most of direct accesses to the dp_packet_batch
internal components by appropriate APIs.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
5 years agotests: Fix syntax in another ODP test.
Ben Pfaff [Mon, 10 Dec 2018 17:45:47 +0000 (09:45 -0800)]
tests: Fix syntax in another ODP test.

Reported-by: Ilya Maximets <i.maximets@samsung.com>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agotests: Simplify and improve the daemon tests.
Ben Pfaff [Mon, 10 Dec 2018 17:43:19 +0000 (09:43 -0800)]
tests: Simplify and improve the daemon tests.

The daemon tests used files a lot when shell variables were easier to use
and easier to understand.  This commit changes that.

The tests created empty databases that aren't really needed anymore.  This
commit changes them to use the ovsdb-server --no-db option instead.

The tests had a lot of common code for checking the ancestry of processes.
This commit factors out a new shell function check_ancestors.

The tests tended to use random pidfile names.  This switches to just using
the defaults, which are fine.

The tests didn't check the names of the child processes.  This adds those
checks using the new check_process_name shell function.  This should avoid
regression of the bug fixed by commit 266f79e32c60 ("daemon-unix: Use
same name for original or restarted children.")

Other minor improvements too.

I only made small updates to the Windows-specific test, because it is hard
for me to verify.

Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodpctl: Simplify opt_dpif_open().
Darrell Ball [Mon, 19 Nov 2018 19:09:26 +0000 (11:09 -0800)]
dpctl: Simplify opt_dpif_open().

The commonly used function, opt_dpif_open(), recently became more complex
to check for a datapath argument. Unnecessary dummy parameters for most users
were hence added.  Revert back and call the intended api, dp_arg_exists(), to
query for a datapath argument being supplied.

Fixes: 4eeec031d4c4 ("dpctl: Implement dpctl commands for conntrack per zone limit")
Acked-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoAUTHORS: Add David Marchand and Scott Cheloha.
Ben Pfaff [Mon, 10 Dec 2018 21:04:20 +0000 (13:04 -0800)]
AUTHORS: Add David Marchand and Scott Cheloha.

Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-ctl: fix system-id.conf owner
David Marchand [Thu, 22 Nov 2018 15:37:57 +0000 (16:37 +0100)]
ovs-ctl: fix system-id.conf owner

As far as RPMs are concerned, system-id.conf file is declared as being
owned by openvswitch.
At the first ovs startup, ovs-ctl creates this file if none exists without
ensuring this.

We end up with an inconsistency:
$ rpm -V openvswitch
.....UG..  c /etc/openvswitch/system-id.conf

Fix this when ovs-ctl is the one who creates the file.

Note: this issue ends up being hidden after a RPM upgrade, since the
openvswitch user is enforced on the whole /etc/openvswitch directory as a
%post operation.

Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agorhel: Don't ship static libraries
Timothy Redaelli [Tue, 20 Nov 2018 18:40:50 +0000 (19:40 +0100)]
rhel: Don't ship static libraries

Since commit bc4fd439586f ("rhel: Ship ovs shared libraries, fedora")
openvswitch-devel RPM package includes both static and shared library.
This is against the Fedora Packaging Guidelines [1].

This commit prevents the static libraries and libtool archives from being shipped.

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries

Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-thread: Add thread safety annotation to cond_wait.
Ilya Maximets [Mon, 10 Dec 2018 17:05:23 +0000 (20:05 +0300)]
ovs-thread: Add thread safety annotation to cond_wait.

This fixes build with clang on FreeBSD:

  lib/ovs-thread.c:266:13: error:

  calling function 'pthread_cond_wait' requires holding mutex \
  'mutex->lock' exclusively [-Werror,-Wthread-safety-analysis]

      error = pthread_cond_wait(cond, &mutex->lock);
              ^

Fixes: 97be153858b4 ("clang: Add annotations for thread safety check.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-thread: Drop xpthread_meutex_{un}lock finctions.
Ilya Maximets [Mon, 10 Dec 2018 17:05:22 +0000 (20:05 +0300)]
ovs-thread: Drop xpthread_meutex_{un}lock finctions.

There are no users of these functions.
This change fixes clang build on FreeBSD:

  lib/ovs-thread.c:158:1: error: \
      mutex 'mutex' is still held at the end of function \
      [-Werror,-Wthread-safety-analysis]
  XPTHREAD_FUNC1(pthread_mutex_lock, pthread_mutex_t *);
  ^
  lib/ovs-thread.c:138:5: note: expanded from macro 'XPTHREAD_FUNC1'
      }
      ^

Fixes: 4dff0893c376 ("ovs-atomic-pthreads: Use global shared locks for atomic_flag also.")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agotests: Remove redzone flag for FreeBSD 12+.
Ilya Maximets [Mon, 10 Dec 2018 17:05:21 +0000 (20:05 +0300)]
tests: Remove redzone flag for FreeBSD 12+.

'redzone' is not supported in new versions of jemalloc
(since jemalloc 5.0.0).

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoconfigure.ac: More enhanced check for pthread library.
Ilya Maximets [Mon, 10 Dec 2018 17:05:20 +0000 (20:05 +0300)]
configure.ac: More enhanced check for pthread library.

FreeBSD 12 supports 'pthread_rwlock_tryrdlock' without the 'pthread'
library. Let's add a check for a rarer function.
OTOH, the Travis-CI environment supports 'pthread_rwlockattr_destroy',
but does not support 'pthread_rwlock_tryrdlock' without 'pthread'.
So, both checks are needed.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agotests: keep some datapath parsing tests from hanging
Scott Cheloha [Thu, 29 Nov 2018 00:38:03 +0000 (18:38 -0600)]
tests: keep some datapath parsing tests from hanging

The arguments to sed(1) need to be on the same line in the shell
script or it will just sit there awaiting input.

Signed-off-by: Scott Cheloha <scottcheloha@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoAUTHORS: Add Yousong Zhou.
Ben Pfaff [Tue, 4 Dec 2018 02:15:43 +0000 (18:15 -0800)]
AUTHORS: Add Yousong Zhou.

Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-ctl: fallback to "uname -n" for fetching hostname
Yousong Zhou [Tue, 4 Dec 2018 01:41:26 +0000 (01:41 +0000)]
ovs-ctl: fallback to "uname -n" for fetching hostname

The command "hostname" is not available in OpenWrt by default.  Strace
result of hostname-3.13 on centos7 shows that bare "hostname" command
calls uname() to fetch node name.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofctl_parse_target: Fix memory leaks if there is no usable protocol
Yifeng Sun [Wed, 28 Nov 2018 00:10:11 +0000 (16:10 -0800)]
ofctl_parse_target: Fix memory leaks if there is no usable protocol

When there is no usable protocol, ofctl_parse_flows__ returns without
properly freeing memory. A previous patch failed to fix this issue.
This patch fixes it.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11406
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11408
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoodp-util: Validate values of vid and pcp in push_vlan action
Yifeng Sun [Wed, 28 Nov 2018 00:10:12 +0000 (16:10 -0800)]
odp-util: Validate values of vid and pcp in push_vlan action

Oss-fuzz complains that 'vid << VLAN_VID_SHIFT' is causing an error of
"Undefined-shift in parse_odp_action". This is because an invalid
value of vid is passed in push_vlan. This patch adds validation to
the value of vid, in addition to the value of pcp.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11520
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-ofctl: update a man page about group syntax
Nobuhiro MIKI [Wed, 28 Nov 2018 13:47:20 +0000 (22:47 +0900)]
ovs-ofctl: update a man page about group syntax

Signed-off-by: Nobuhiro MIKI <nob@bobuhiro11.net>
5 years agoovn-sb.xml: Remove outdated paragragh which is not true any more.
Numan Siddique [Tue, 27 Nov 2018 16:50:24 +0000 (22:20 +0530)]
ovn-sb.xml: Remove outdated paragragh which is not true any more.

Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoDocumentation: Fixing some minor spelling mistakes and consistent usage of certain...
Ashish Varma [Wed, 28 Nov 2018 18:49:50 +0000 (10:49 -0800)]
Documentation: Fixing some minor spelling mistakes and consistent usage of certain keywords.

Signed-off-by: Ashish Varma <ashishvarma.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-ofctl: Correct "out_group" field usage text in manpage.
Ashish Varma [Thu, 29 Nov 2018 21:44:34 +0000 (13:44 -0800)]
ovs-ofctl: Correct "out_group" field usage text in manpage.

Right now the man page of ovs-ofctl has "out_group=port". Correcting the
output to group instead of port.

Signed-off-by: Ashish Varma <ashishvarma.ovs@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodatapath: use KARCH when building linux datapath modules
Yousong Zhou [Fri, 30 Nov 2018 07:30:04 +0000 (07:30 +0000)]
datapath: use KARCH when building linux datapath modules

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovs-save: compatible with busybox ip command
Yousong Zhou [Fri, 30 Nov 2018 07:30:03 +0000 (07:30 +0000)]
ovs-save: compatible with busybox ip command

Busybox ip command will have exit code 1 for `ip -V` or `ip help` etc.,
use `ip link show` to cover both iproute2 and busybox ip command

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodebian: Install correct vtep-ctl.
Ben Pfaff [Tue, 30 Oct 2018 18:21:06 +0000 (11:21 -0700)]
debian: Install correct vtep-ctl.

The previous syntax installed the libtool wrapper script instead of the
actual binary.  This fixes the problem.

CC: James Page <james.page@ubuntu.com>
Fixes: 3d8dededeaf8 ("debian: Rationalize packaging using new debhelper.")
Reported-by: hubo <hubo@jiedaibao.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047625.html
Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoosvdb: Add some helpful comments.
Ben Pfaff [Thu, 1 Nov 2018 16:29:07 +0000 (09:29 -0700)]
osvdb: Add some helpful comments.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
5 years agoofp-table: Parse table features messages more carefully.
Ben Pfaff [Wed, 29 Aug 2018 20:16:36 +0000 (13:16 -0700)]
ofp-table: Parse table features messages more carefully.

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
5 years agotests: Add support for Address Sanitizer.
Ben Pfaff [Thu, 15 Nov 2018 05:55:55 +0000 (21:55 -0800)]
tests: Add support for Address Sanitizer.

This makes the tests all pass cleanly when Address Sanitizer is enabled.

Acked-by: Mark Michelson <mmichels@redhat.com>
Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agounixctl: Avoid 100% CPU for slowly processed requests with another queued.
Ben Pfaff [Thu, 29 Nov 2018 18:37:02 +0000 (10:37 -0800)]
unixctl: Avoid 100% CPU for slowly processed requests with another queued.

If another request came in on a particular connection while the previous
request was still being processed, unixctl_server_wait() would wake up the
main loop but unixctl_server_run() wouldn't read the request, resulting in
100% CPU use.

I doubt whether this is a real problem because it's unusual for a client
to attempt to make requests in parallel.  I found it while pursuing a 100%
CPU issue but it turned out not to be a bug (the 100% CPU was caused by
a client making requests as fast as possible).

Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Justin Pettit <jpettit@ovn.org>
5 years agonetdev-dpdk: Add mbuf HEADROOM after alignment.
Tiago Lam [Tue, 27 Nov 2018 16:54:23 +0000 (16:54 +0000)]
netdev-dpdk: Add mbuf HEADROOM after alignment.

Commit dfaf00e started using the result of dpdk_buf_size() to calculate
the available size on each mbuf, as opposed to using the previous
MBUF_SIZE macro. However, this was calculating the mbuf size by adding
up the MTU with RTE_PKTMBUF_HEADROOM and only then aligning to
NETDEV_DPDK_MBUF_ALIGN. Instead, the accounting for the
RTE_PKTMBUF_HEADROOM should only happen after alignment, as per below.

Before alignment:
ROUNDUP(MTU(1500) + RTE_PKTMBUF_HEADROOM(128), 1024) = 2048

After alignment:
ROUNDUP(MTU(1500), 1024) + 128 = 2176

This might seem insignificant, however, it might have performance
implications in DPDK, where each mbuf is expected to have 2k +
RTE_PKTMBUF_HEADROOM of available space. This is because not only do some
NICs have coarse-grained alignments of 1k, they will also take
RTE_PKTMBUF_HEADROOM bytes from the overall available space in an mbuf
when setting up their Rx requirements. Thus, only the "After alignment"
case above would guarantee a 2k of available room, as the "Before
alignment" would report only 1920B.

Some extra information can be found at:
https://mails.dpdk.org/archives/dev/2018-November/119219.html

Note: This has been found by Ian Stokes while going through some
af_packet checks.

Reported-by: Ian Stokes <ian.stokes@intel.com>
Fixes: dfaf00e ("netdev-dpdk: fix mbuf sizing")
Signed-off-by: Tiago Lam <tiago.lam@intel.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
5 years agoovn: Avoid tunneling for VLAN packets redirected to a gateway chassis
Numan Siddique [Mon, 19 Nov 2018 16:17:38 +0000 (21:47 +0530)]
ovn: Avoid tunneling for VLAN packets redirected to a gateway chassis

An OVN deployment can have multiple logical switches each with a
localnet port connected to a distributed logical router in which one
logical switch may provide external connectivity and the rest of
the localnet logical switches use VLAN tagging in the physical
network.

As reported in [1], external traffic from these localnet VLAN tagged
logical switches are tunnelled to the gateway chassis (chassis hosting
a distributed gateway port which applies NAT rules). As part of the
discussion in [1], there are few possible solutions proposed by
Russell [2]. This patch implements the first option in [2].

With this patch, a new option 'reside-on-redirect-chassis' in 'options'
column of Logical_Router_Port table is added. If the value of this
option is set to 'true' and if the logical router also has a
distributed gateway port, then routing for this logical router port
is centralized in the chassis hosting the distributed gateway port.

If a logical switch 'sw0' is connected to a router 'lr0' with the
router port - 'lr0-sw0' with the address - "00:00:00:00:af:12 192.168.1.1",
and it has a distributed logical port - 'lr0-public', then the
below logical flow is added in the logical switch pipeline
of 'sw0' if the 'reside-on-redirect-chassis' option is set on 'lr0-sw0' -

table=16(ls_in_l2_lkup), priority=50,
match=(eth.dst == 00:00:00:00:af:12 && is_chassis_resident("cr-lr0-public")),
action=(outport = "sw0-lr0"; output;)

"cr-lr0-public" is an internal port binding created by ovn-northd of type
'chassisredirect' for lr0-public in SB DB. Please see "man ovn-sb" for more details.

With the above flow, the packet doesn't enter the router pipeline in
the source chassis. Instead the packet is sent out via the localnet
port of 'sw0'. The gateway chassis upon receiving this packet, runs
the logical router pipeline applying NAT rules and sends the traffic
out via the localnet port of the logical switch providing external connectivity.
The gateway chassis will also reply to the ARP requests for the router port IPs.

With this approach, we avoid redirecting the external traffic to the
gateway chassis via the tunnel port. There are a couple of drawbacks
with this approach:

  - East - West routing is no more distributed for the VLAN tagged
    localnet logical switches if 'reside-on-redirect-chassis' option is defined

  - 'dnat_and_snat' NAT rules with 'logical_mac' and 'logical_port'
    columns defined will not work for these logical switches.

This approach is taken for now as it is simple. If there is a requirement
to support distributed routing for these VLAN tenant networks, we
can explore other possible solutions.

[1] -  https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
[2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046557.html

Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-April/046543.html
Reported-by: venkata anil <vkommadi@redhat.com>
Co-authored-by: venkata anil <vkommadi@redhat.com>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Signed-off-by: venkata anil <vkommadi@redhat.com>
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
5 years agoconfigure: Check for more specific function to pull in pthread library.
Ben Pfaff [Thu, 15 Nov 2018 16:25:52 +0000 (08:25 -0800)]
configure: Check for more specific function to pull in pthread library.

On my laptop, pthread_create() is always available without -lpthread, but
when I use -fsanitize=address, -lpthread is required to pull in other
threading functions such as pthread_rwlock_tryrdlock().  Thus, with
-fsanitize=address I have to manually add -lpthread to link commands one
way or another.  This commit avoids that problem by checking for a
function that is sometimes only available in -lpthread.

Tested-by: Yifeng Sun <pkusunyifeng@gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofp-actions: Make all actions a multiple of OFPACT_ALIGNTO bytes.
Ben Pfaff [Thu, 15 Nov 2018 00:07:30 +0000 (16:07 -0800)]
ofp-actions: Make all actions a multiple of OFPACT_ALIGNTO bytes.

The functions to put ofpacts into ofpbufs have always padded them to
OFPACT_ALIGNTO boundaries, but the underlying structures weren't
necessarily padded out.  That led to difficulties in a few places where
structures were allocated on the stack instead of in an ofpbuf, because
functions like ofpact_init_*() would access beyond the end of the actual
structure.  This is true, for example, in test_multipath_main() in
tests/test-multipath.c, which allocates a struct ofpact_multipath on the
stack, and in lswitch_handshake() in learning-switch.c, which allocates
a struct ofpact_output on the stack.

It's possible to fix these individual cases, but it's possible that there
are others that haven't been identified.  This commit addresses the issue
another way, by padding all of the ofpact structures to a full multiple
of OFPACT_ALIGNTO and adding assertions to ensure that it can't be screwed
up in the future.

This commit removes the OFPACT_*_SIZE enums, because they are now
equivalent to sizeof(struct ofpact_*) in every case.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agotests: Always use --no-chdir with --detach.
Ben Pfaff [Wed, 14 Nov 2018 23:39:05 +0000 (15:39 -0800)]
tests: Always use --no-chdir with --detach.

With --detach but not --no-chdir, core files and Address Sanitizer logs
don't go into the testsuite directory but end up dropped because it tries
to write them in the root directory.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopackets: Fix use-after-free error in packet_put_ra_prefix_opt().
Ben Pfaff [Wed, 14 Nov 2018 16:23:08 +0000 (08:23 -0800)]
packets: Fix use-after-free error in packet_put_ra_prefix_opt().

dp_packet_put_uninit() can reallocate the data buffer, so find the L4
header pointer afterward instead of before.

Found by Address Sanitizer.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoraft: Fix notifications when a server leaves the cluster.
Ben Pfaff [Tue, 13 Nov 2018 21:25:08 +0000 (13:25 -0800)]
raft: Fix notifications when a server leaves the cluster.

When server A sends the leader a request to remove server B from the
cluster, where A != B, the leader sends both A and B a notification when
the removal is complete.  Until now, however, the notification (which is a
raft_remove_server_reply message) did not say which server had been
removed, and the receiver did not check.  Instead, the receiver assumed
that it had been removed.  The result was that B was removed and A stopped
serving out the database even though it was still part of the cluster.
This commit fixes the problem.

Reported-by: ramteja tadishetti <ramtejatadishetti@gmail.com>
Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoraft: Avoid null dereference in raft_update_our_match_index().
Ben Pfaff [Tue, 13 Nov 2018 21:17:43 +0000 (13:17 -0800)]
raft: Avoid null dereference in raft_update_our_match_index().

When the server is leaving the cluster but remains leader, the
raft_find_server() call can return NULL.  Previously this caused a null
dereference.  This commit fixes the problem.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoraft: Avoid use-after-free error in raft_update_commit_index().
Ben Pfaff [Tue, 13 Nov 2018 17:50:29 +0000 (09:50 -0800)]
raft: Avoid use-after-free error in raft_update_commit_index().

raft_update_commit_index() iterates over a sequence of entries that may
have up to two components: a set of servers and a piece of data.  When
a set of servers is present, it calls raft_run_reconfigure(), which can
call through the following chain of functions in some cases:

   raft_log_reconfiguration()
   raft_command_execute__()
   raft_command_initiate()
   raft_write_entry()
   raft_add_entry()

and raft_add_entry() can reallocate raft->entries, which turns the pointer
'e' that raft_update_commit_index() has to the current entry into a wild
pointer.

This commit fixes the problem.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoraft: Improve logging for sent RPCs.
Ben Pfaff [Tue, 13 Nov 2018 16:33:02 +0000 (08:33 -0800)]
raft: Improve logging for sent RPCs.

For debugging, it is useful to know the source code line that sent a
given RPC message.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovsdb-idl: Treat "unknown database" error as reason to reconnect.
Ben Pfaff [Tue, 13 Nov 2018 17:26:40 +0000 (09:26 -0800)]
ovsdb-idl: Treat "unknown database" error as reason to reconnect.

Ordinarily the IDL finds out in advance whether a particular database is
on its server, or it finds out via notifications.  But it's also a good
idea to adopt a belt-and-suspenders approach so that, if the IDL does
receive an "unknown database" error, we treat it as a "soft" error that
can be fixed by reconnecting to another server, rather than a "hard" error
that should cause an immediate abort.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoovsdb-idl: Avoid sending transactions when the DB is not synced up.
Ben Pfaff [Tue, 13 Nov 2018 17:20:50 +0000 (09:20 -0800)]
ovsdb-idl: Avoid sending transactions when the DB is not synced up.

Until now the code here would happily try to send transactions to the
database server even if the database connection was not in the correct
state.  In some cases this could lead to strange behavior, such as sending
a database transaction for a database that the IDL had just learned did not
exist on the server.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopcap-file: Correctly format enum type.
Ben Pfaff [Fri, 16 Nov 2018 17:24:51 +0000 (09:24 -0800)]
pcap-file: Correctly format enum type.

The underlying type for an enum is somewhat unpredictable in that the
compiler and the ABI influence it.  The format specifier I used here was
apparently correct for i386 on Linux but wrong for x86-64.  It's better to
just use a cast.

Fixes: 597177a283da ("pcap-file: Add support for Linux SLL formatted PCAP files.")
Reported-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoWindows: Fix broken kernel userspace communication
Alin Gabriel Serdean [Fri, 16 Nov 2018 13:32:58 +0000 (15:32 +0200)]
Windows: Fix broken kernel userspace communication

Patch: https://github.com/openvswitch/ovs/commit/69c51582ff786a68fc325c1c50624715482bc460
broke Windows userspace - kernel communication.

On windows we create netlink sockets when the handlers are initiated and
reuse them.
This patch remaps the usage of the netlink socket pool.

Fixes:
https://github.com/openvswitch/ovs-issues/issues/164

Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Shashank Ram <rams@vmware.com>
Tested-by: Shashank Ram <rams@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Co-authored-by: Ben Pfaff <blp@ovn.org>
5 years agocoding-style: Few visual enhancements for the document.
Ilya Maximets [Fri, 16 Nov 2018 15:13:07 +0000 (18:13 +0300)]
coding-style: Few visual enhancements for the document.

Some keywords and numbers highlighted. Added few spaces to
the examples.

Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopcap: Fix reading regular old Ethernet pcap files.
Ben Pfaff [Thu, 15 Nov 2018 17:38:39 +0000 (09:38 -0800)]
pcap: Fix reading regular old Ethernet pcap files.

This broke the unit tests.

Fixes: 597177a283da ("pcap-file: Add support for Linux SLL formatted PCAP files.")
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Tested-by: Alin Gabriel Serdean <aserdean@ovn.org>
Reported-by: Alin Gabriel Serdean <aserdean@ovn.org>
Tested-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodpif-netlink: Fix error behavior in dpif_netlink_port_add__().
Ben Pfaff [Thu, 15 Nov 2018 17:08:18 +0000 (09:08 -0800)]
dpif-netlink: Fix error behavior in dpif_netlink_port_add__().

Until now, the code here would report an error to its caller as success.
This fixes the problem.

Found by inspection.

Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoodp-util: Add checking to prevent buffer overflow when parsing push_nsh
Yifeng Sun [Tue, 13 Nov 2018 19:25:24 +0000 (11:25 -0800)]
odp-util: Add checking to prevent buffer overflow when parsing push_nsh

Previously, the buffer size of 'struct ofpbuf b' was less than the
size of 'char buf[512]', which could cause a memory overflow of the ofpbuf
when calling ofpbuf_put_hex. This patch fixes it.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10865
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agooss-fuzz: Fix memory leak in ofctl_parse_flow
Yifeng Sun [Wed, 14 Nov 2018 23:14:05 +0000 (15:14 -0800)]
oss-fuzz: Fix memory leak in ofctl_parse_flow

If parse_ofp_flow_mod_str returns no error, ofputil_flow_mod.match
contains allocated memory that should be freed. This patch fixes it.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11343
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodocs: Fix cross-references that referred to discussions that have moved.
Ben Pfaff [Fri, 9 Nov 2018 05:39:00 +0000 (21:39 -0800)]
docs: Fix cross-references that referred to discussions that have moved.

Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopcap-file: Add support for Linux SLL formatted PCAP files.
Ben Pfaff [Sun, 11 Nov 2018 23:41:08 +0000 (15:41 -0800)]
pcap-file: Add support for Linux SLL formatted PCAP files.

Someone sent me one of these and OVS couldn't read it.  This fixes the
problem.

Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodatapath-windows: Fix invalid reference in Buffermgmt.c
Sairam Venugopal [Wed, 14 Nov 2018 20:07:28 +0000 (12:07 -0800)]
datapath-windows: Fix invalid reference in Buffermgmt.c

OVS_BUFFER_CONTEXT gets cleared as part of NdisFreeNetBufferListContext
function call. This causes an invalid reference error.

Found while testing with driver verifier enabled.

Signed-off-by: Sairam Venugopal <vsairam@vmware.com>
Acked-by: Anand Kumar <kumaranand@vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean@ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
5 years agofaq: Fix typo in VLAN 9 configuration examples.
chrone [Thu, 15 Nov 2018 07:54:39 +0000 (14:54 +0700)]
faq: Fix typo in VLAN 9 configuration examples.

Fixed typo on the VLAN 9 configuration example where the device name should
be vlan9 instead of vlan0.

Signed-off-by: Charles Alva <charlesalva@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agocoding-style: Remove redundant symbols from the examples.
Ilya Maximets [Thu, 15 Nov 2018 11:55:35 +0000 (14:55 +0300)]
coding-style: Remove redundant symbols from the examples.

Some backslashes were added while converting from .md to .rst.
These symbols are printable in both pdf and html docs and
should be removed.

CC: Stephen Finucane <stephen@that.guru>
Fixes: d124a408a4bc ("doc: Convert CodingStyle to rST")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoTests: Fix test bridge - add port after stopping controller on Windows
Alin Gabriel Serdean [Wed, 14 Nov 2018 15:30:53 +0000 (17:30 +0200)]
Tests: Fix test bridge - add port after stopping controller on Windows

On Windows the file which is used for the named pipe connection (`punix:file`)
is not deleted when the process is closed.

Try to delete the `controller` file and fail if we can't (on Windows you can't
delete a file if there is still an open handle to it).

Also add a check to see if the `ovs-testcontroller` was successfully started.

Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
5 years agonetdev-tc-offloads: Delete ufid tc mapping in the right place
Chris Mi [Mon, 12 Nov 2018 02:08:38 +0000 (11:08 +0900)]
netdev-tc-offloads: Delete ufid tc mapping in the right place

Currently, the ufid tc mapping is deleted in add_ufid_tc_mapping().
But if tc_replace_flower() failed, the old ufid tc mapping will not
be deleted. If another thread adds the same tc mapping successfully,
then there will be multiple mappings for the same ifindex, handle
and prio.

Fixes: 9116730db ("netdev-tc-offloads: Add ufid to tc/netdev map")
Signed-off-by: Chris Mi <chrism@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
5 years agoipsec: Install ovs-monitor-ipsec in script directory
Timothy Redaelli [Sun, 11 Nov 2018 10:04:17 +0000 (11:04 +0100)]
ipsec: Install ovs-monitor-ipsec in script directory

In commit d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of
"/usr/bin/env python"") ovs-monitor-ipsec is installed in bin directory,
but it's supposed to be installed in script directory.

This commit removes also the manual copy of "ovs-monitor-ipsec" in spec file
since it's installed directly in "make install".

Fixes: d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agogitignore: Ignore ovs-monitor-ipsec
Timothy Redaelli [Sun, 11 Nov 2018 10:04:33 +0000 (11:04 +0100)]
gitignore: Ignore ovs-monitor-ipsec

Commit d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env
python"") introduced ovs-monitor-ipsec.in that generates
ovs-monitor-ipsec.

This commit adds ovs-monitor-ipsec to ipsec/.gitignore.

Fixes: d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agorhel: Rename the IPsec package as openvswitch-ipsec
Timothy Redaelli [Sun, 11 Nov 2018 10:13:50 +0000 (11:13 +0100)]
rhel: Rename the IPsec package as openvswitch-ipsec

Currently the split package for ipsec is named
openvswitch-openvswitch-ipsec, but it should be named openvswitch-ipsec.

This commit changes the spec file in order to have the IPsec package as
openvswitch-ipsec instead of openvswitch-openvswitch-ipsec.

CC: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Fixes: bdddc715358e ("debian and rhel: Create IPsec package.")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agobuild: Clean up ovs-monitor-ipsec.
Ilya Maximets [Mon, 12 Nov 2018 10:34:11 +0000 (13:34 +0300)]
build: Clean up ovs-monitor-ipsec.

This fixes travis distcheck:

  ERROR: files left in build directory after distclean:
  ./ipsec/ovs-monitor-ipsec
  make[1]: *** [distcleancheck] Error 1

Acked-by: Timothy Redaelli <tredaelli@redhat.com>
Fixes: d5cc46e3d185 ("ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopinctrl: Fix dp_packet structure leak.
Ilya Maximets [Mon, 12 Nov 2018 12:20:39 +0000 (15:20 +0300)]
pinctrl: Fix dp_packet structure leak.

Buffered packets are always packets created by 'dp_packet_clone_data()'
i.e. they are malloced. It's not enough to free the packet data,
dp_packet structure must be freed too. 'dp_packet_delete()' will take
care of that.

Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Fixes: d7abfe39cfd2 ("OVN: add buffering support for ip packets")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agopinctrl: Fix crash on buffered packets hmap double remove.
Ilya Maximets [Mon, 12 Nov 2018 12:19:57 +0000 (15:19 +0300)]
pinctrl: Fix crash on buffered packets hmap double remove.

'destroy_buffered_packets()' removes the hmap node which was
already removed by 'HMAP_FOR_EACH_POP()' producing following
crash log:

    Invalid read of size 8
        at 0x134EDB: hmap_remove (hmap.h:287)
        by 0x134EDB: destroy_buffered_packets (pinctrl.c:237)
        by 0x13AB3B: destroy_buffered_packets_map (pinctrl.c:246)
        by 0x13AB3B: pinctrl_destroy (pinctrl.c:1804)
        by 0x12C0CF: main (ovn-controller.c:916)
    Address 0x8 is not stack'd, malloc'd or (recently) free'd

Could be captured by check-valgrind on the following test:
    '2720. ovn -- IP packet buffering'

Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Fixes: d7abfe39cfd2 ("OVN: add buffering support for ip packets")
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agonetdev-dpdk: Bring link down when NETDEV_UP is not set
Eelco Chaudron [Mon, 12 Nov 2018 09:26:22 +0000 (04:26 -0500)]
netdev-dpdk: Bring link down when NETDEV_UP is not set

When the netdev link flags are changed, !NETDEV_UP, the DPDK ports are not
actually going down. This is causing problems for people trying to bring
down a bond member. The bond link is no longer being used to receive or
transmit traffic, however, the other end keeps sending data as the link
remains up.

With OVS 2.6 the link was brought down, and this was changed with commit
3b1fb0779. In this commit, it's explicitly mentioned that the link down/up
DPDK APIs are not called as not all PMD devices support it.

However, this patch does call the appropriate DPDK APIs and ignores
errors due to the PMD not supporting it. PMDs not supporting this should
be fixed in DPDK upstream.

I verified this patch is working correctly using the
ovs-appctl netdev-dpdk/set-admin-state <port> {up|down} and
ovs-ofctl mod-port <bridge> <port> {up|down} commands on a XL710
and 82599ES.

Fixes: 3b1fb0779b87 ("netdev-dpdk: Don't call rte_dev_stop() in update_flags().")
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Acked-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Ian Stokes <ian.stokes@intel.com>
5 years agortnetlink: Remove executable bit from rtnetlink.h
Timothy Redaelli [Sat, 10 Nov 2018 15:52:01 +0000 (16:52 +0100)]
rtnetlink: Remove executable bit from rtnetlink.h

In commit 135ee7ef362f ("rtnetlink: extend parser to include kind of master and
slave") the file mode of rtnetlink.h accidentally changed from 0644 to 0755.

This commit restores the previous file mode (0644) on rtnetlink.h.

CC: John Hurley <john.hurley@netronome.com>
Fixes: 135ee7ef362f ("rtnetlink: extend parser to include kind of master and slave")
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agobond: Remove executable bit from bond.c
Timothy Redaelli [Sat, 10 Nov 2018 15:52:00 +0000 (16:52 +0100)]
bond: Remove executable bit from bond.c

In commit 90061ea7d1dd ("bond: Fix LACP fallback to active-backup when recirc
is enabled.") the file mode of bond.c accidentally changed from 0644 to 0755.

This commit restores the previous file mode (0644) on bond.c.

CC: Ben Pfaff <blp@ovn.org>
Fixes: 90061ea7d1dd ("bond: Fix LACP fallback to active-backup when recirc is enabled.")
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"
Timothy Redaelli [Sat, 10 Nov 2018 15:29:07 +0000 (16:29 +0100)]
ipsec: Use @PYTHON@ directly instead of "/usr/bin/env python"

Using "/usr/bin/env" is against Fedora Packaging Guidelines [1].

Moreover, in this specific case, it also prevents "make rpm-fedora" from
successfully completing on "Fedora Rawhide" since "#!/usr/bin/env python"
must not be used anymore [2].

[1] https://fedoraproject.org/wiki/Packaging:Guidelines#Shebang_lines
[2] https://fedoraproject.org/wiki/Changes/Make_ambiguous_python_shebangs_error

CC: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Fixes: 22c5eafb6efa ("ipsec: reintroduce IPsec support for tunneling")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoMAINTAINERS: Add Ian Stokes.
Ben Pfaff [Fri, 9 Nov 2018 16:38:21 +0000 (08:38 -0800)]
MAINTAINERS: Add Ian Stokes.

Ian was elected by the Open vSwitch committers on Nov. 9.  Welcome to the
team, Ian!

Acked-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoMAINTAINERS: Move Ethan to emeritus status.
Ben Pfaff [Fri, 9 Nov 2018 21:32:28 +0000 (13:32 -0800)]
MAINTAINERS: Move Ethan to emeritus status.

Requested-by: Ethan J. Jackson <ejj@eecs.berkeley.edu>
Acked-by: Ethan J. Jackson <ejj@eecs.berkeley.edu>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoDocumentation: OVN RBAC and IPsec tutorial
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:58 +0000 (17:15 -0400)]
Documentation: OVN RBAC and IPsec tutorial

This patch adds step-by-step guide for configuring OVN Role-Based Access
Control and IPsec.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoOVN: native support for tunnel encryption
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:57 +0000 (17:15 -0400)]
OVN: native support for tunnel encryption

This patch adds IPsec support for OVN tunnel. Basically, OVN offers a
binary option to its user for encryption configuration. If the IPsec
option is turned on, all tunnels will be encrypted. Otherwise, no tunnel
will be encrypted.

The changes are summarized as below:
1) Added an ipsec column on the NB_Global table and SB_Global table. The
value of ipsec column is propagated by ovn-northd from NB_Global to
SB_Global.

2) ovn-controller monitors the ipsec column in SB_Global. If the ipsec
value is true, ovn-controller sets options of the tunnel interface by
specifying "options:remote_name=<remote_chassis_name>". If the ipsec
value is false, ovn-controller removes these options.

3) ovs-monitor-ipsec daemon
(https://mail.openvswitch.org/pipermail/ovs-dev/2018-June/348701.html)
monitors the tunnel interface options and configures IKE daemon
accordingly for IPsec encryption.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoDocumentation: IPsec tunnel tutorial and documentation.
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:56 +0000 (17:15 -0400)]
Documentation: IPsec tunnel tutorial and documentation.

tutorials/index.rst gives a step-by-step guide to set up OVS IPsec
tunnel.

tutorials/ipsec.rst gives detailed explanation on the IPsec tunnel
configuration methods and forwarding modes.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Co-authored-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodebian and rhel: Create IPsec package.
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:55 +0000 (17:15 -0400)]
debian and rhel: Create IPsec package.

Added rules and files to create debian and rpm ovs-ipsec packages.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Co-authored-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoipsec: reintroduce IPsec support for tunneling
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:54 +0000 (17:15 -0400)]
ipsec: reintroduce IPsec support for tunneling

This patch reintroduces ovs-monitor-ipsec daemon that
was previously removed by commit 2b02d770 ("openvswitch:
Allow external IPsec tunnel management.")

After this patch, there are no IPsec flavored tunnels anymore.
IPsec is enabled by setting up the right values in:
1. OVSDB:Interface:options column;
2. OVSDB:Open_vSwitch:other_config column;
3. OpenFlow pipeline.

GRE, VXLAN, GENEVE, and STT IPsec tunnels are supported. LibreSwan and
StrongSwan IKE daemons are supported. User can choose pre-shared key,
self-signed peer certificate, or CA-signed certificate as authentication
methods.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Ansis Atteka <aatteka@ovn.org>
Co-authored-by: Ansis Atteka <aatteka@ovn.org>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodatapath: add transport ports in route lookup for geneve
Qiuyu Xiao [Wed, 19 Sep 2018 21:15:53 +0000 (17:15 -0400)]
datapath: add transport ports in route lookup for geneve

This patch adds transport ports information for route lookup so that
IPsec can select geneve tunnel traffic to do encryption.

Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agofaq: Update information on meters.
Ben Pfaff [Fri, 9 Nov 2018 15:38:01 +0000 (07:38 -0800)]
faq: Update information on meters.

Acked-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agorhel: hugetlbfs group should be added as a system group.
Aaron Conole [Tue, 6 Nov 2018 17:28:15 +0000 (12:28 -0500)]
rhel: hugetlbfs group should be added as a system group.

Reported-by: Edgar Hoch <edgar.hoch@ims.uni-stuttgart.de>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofproto.c: Handle the situation when ofp_port number exhausted.
Han Zhou [Thu, 8 Nov 2018 06:29:44 +0000 (22:29 -0800)]
ofproto.c: Handle the situation when ofp_port number exhausted.

When ofp_port number is exhausted, OFPP_NONE (65535) will be
returned by alloc_ofp_port(). In this case we should error out
instead of continuing to use 65535 as port number.

Using the invalid number causes unpredictable consequences:

2018-11-06T01:29:10.042Z|142103|dpif(ovs-vswitchd)|WARN|system@ovs-system: failed to add ovn-aded97-0 as port: Device or resource busy
2018-11-06T01:29:10.045Z|142104|bridge(ovs-vswitchd)|INFO|bridge br-int: added interface ovn-aded97-0 on port 65535
2018-11-06T01:29:11.479Z|142108|ofproto(ovs-vswitchd)|WARN|br-int: cannot configure bfd on nonexistent port 65535
2018-11-06T01:29:11.479Z|142109|ofproto(ovs-vswitchd)|WARN|br-int: cannot configure LLDP on nonexistent port 65535
2018-11-06T01:29:11.479Z|142110|ofproto(ovs-vswitchd)|WARN|br-int: cannot configure datapath on nonexistent port 65535
...
2018-11-06T01:29:18.783Z|142117|bfd(ovs-vswitchd)|INFO|ovn-aded97-0: BFD state change: admin_down->down "No Diagnostic"->"No Diagnostic".
2018-11-06T01:29:18.785Z|00061|bfd(monitor82)|INFO|Interface ovn-aded97-0 remote mult value 0 changed to 3
2018-11-06T01:29:18.785Z|00062|bfd(monitor82)|INFO|ovn-aded97-0: New remote min_rx.
...
2018-11-06T01:29:18.773Z|142111|bridge(ovs-vswitchd)|INFO|bridge br-int: deleted interface ovn-aded97-0 on port 65535
...
2018-11-06T01:29:18.779Z|142115|dpif(ovs-vswitchd)|WARN|system@ovs-system: failed to add ovn-aded97-0 as port: Device or resource busy
2018-11-06T01:29:18.782Z|142116|bridge(ovs-vswitchd)|INFO|bridge br-int: added interface ovn-aded97-0 on port 65535
...
2018-11-06T01:29:18.785Z|00064|bfd(monitor82)|WARN|ovn-aded97-0: Incorrect your_disc.
...

Signed-off-by: Han Zhou <hzhou8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofproto.c: Fix port number leaking.
Han Zhou [Thu, 8 Nov 2018 06:29:43 +0000 (22:29 -0800)]
ofproto.c: Fix port number leaking.

When there is an error in ofport_install(), the ofp port number is
not deallocated, which leads to a port number leak. For example,
when a redundant tunnel port is added to an OVS bridge,
ovs-vswitchd will try to add the port to ofproto whenever OVSDB
changes, which triggers the port number leak, and over
time there won't be any port available for valid requests.

Signed-off-by: Han Zhou <hzhou8@ebay.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodns-resolve: Improve on handling of system DNS nameserver
Yifeng Sun [Wed, 7 Nov 2018 21:44:34 +0000 (13:44 -0800)]
dns-resolve: Improve on handling of system DNS nameserver

This patch enables OVS on Windows to read the system nameserver configuration.
In addition, a new environment variable OVS_RESOLV_CONF is introduced.
If set, it can be used as the DNS server configuration file. This variable
is supposed to be used for sandboxing other things. It is documented
accordingly.

Suggested-by: Ben Pfaff <blp@ovn.org>
Suggested-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agodns-resolve: Stop dns resolving if no DNS server configured
Yifeng Sun [Wed, 7 Nov 2018 21:44:33 +0000 (13:44 -0800)]
dns-resolve: Stop dns resolving if no DNS server configured

DNS resolution should fail if no DNS servers are available. This
patch fixes it.

Suggested-by: Ben Pfaff <blp@ovn.org>
Suggested-by: Mark Michelson <mmichels@redhat.com>
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoofctl_parse_target: Avoid passing invalid ofputil_protocol to ofputil_protocol_to_ofp...
Yifeng Sun [Wed, 7 Nov 2018 20:42:16 +0000 (12:42 -0800)]
ofctl_parse_target: Avoid passing invalid ofputil_protocol to ofputil_protocol_to_ofp_version

In this test, the involved ovs functions expect valid ofputil_protocol
values. Therefore, if usable_protocols is invalid, we should return.
Otherwise, ovs will abort.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11165
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoodp-util: Set a limit for nested parse_odp_key_mask_attr call
Yifeng Sun [Wed, 7 Nov 2018 20:42:17 +0000 (12:42 -0800)]
odp-util: Set a limit for nested parse_odp_key_mask_attr call

This patch puts a limit on the nesting depth in a flow key string to avoid
a stack overflow. An example that shows this issue is a key string containing
thousands of nested encaps. In addition, a new test is added for this fix.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11149
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agoactions: Enforce a maximum limit for nested action depth
Yifeng Sun [Wed, 7 Nov 2018 20:42:15 +0000 (12:42 -0800)]
actions: Enforce a maximum limit for nested action depth

If the nesting depth of actions is too deep, the stack overflows
and ovs-vswitchd crashes. This patch prevents this by adding a depth limit
to nested actions.

Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11237
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agofaq: update the ERSPAN/GRE tunnel feature.
William Tu [Fri, 9 Nov 2018 16:11:32 +0000 (08:11 -0800)]
faq: update the ERSPAN/GRE tunnel feature.

Add ERSPAN/GRE tunnel to datapath feature comparison table.

Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agofaq: Specify QoS support is dependent on interface type.
Darrell Ball [Fri, 9 Nov 2018 18:07:16 +0000 (10:07 -0800)]
faq: Specify QoS support is dependent on interface type.

QoS support depends on interface type; document it.

Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agovswitchd: Update documentation for legacy_l3 type packets
Greg Rose [Tue, 6 Nov 2018 22:24:26 +0000 (14:24 -0800)]
vswitchd: Update documentation for legacy_l3 type packets

The documentation needs to specify that for GRE tunnels there is no
support for legacy_l3 type packets in the kernel datapath.

Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
5 years agogre: Remove dead ipgre code
Greg Rose [Tue, 6 Nov 2018 22:24:25 +0000 (14:24 -0800)]
gre: Remove dead ipgre code

Open vSwitch uses gretap, not ipgre for gre tunneling.  Remove dead
code for ipgre type tunnels.

Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>